Analysis Overview
SHA256
24dab264063bfd98dfd0f1dee3f570fb7fd2b8b075bbaf32d83a0189fc47f9f3
Threat Level: Shows suspicious behavior
The file e581bfcecf4d04572cd73e03ca03e8a9_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Reads user/profile data of web browsers
Executes dropped EXE
Loads dropped DLL
Checks installed software on the system
Drops Chrome extension
Drops file in System32 directory
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-07 17:48
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-07 17:48
Reported
2024-04-07 17:51
Platform
win7-20240221-en
Max time kernel
124s
Max time network
128s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\5f69388e\37bz2M.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\e581bfcecf4d04572cd73e03ca03e8a9_JaffaCakes118.exe | N/A |
Reads user/profile data of web browsers
Checks installed software on the system
Drops Chrome extension
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\knnlfdlekojbebccggjioopkandhdaon\2.2\manifest.json | C:\Users\Admin\AppData\Local\Temp\5f69388e\37bz2M.exe | N/A |
| File created | C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\knnlfdlekojbebccggjioopkandhdaon\2.2\manifest.json | C:\Users\Admin\AppData\Local\Temp\5f69388e\37bz2M.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\knnlfdlekojbebccggjioopkandhdaon\2.2\manifest.json | C:\Users\Admin\AppData\Local\Temp\5f69388e\37bz2M.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Windows\System32\GroupPolicy | C:\Users\Admin\AppData\Local\Temp\5f69388e\37bz2M.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\GroupPolicy\gpt.ini | C:\Users\Admin\AppData\Local\Temp\5f69388e\37bz2M.exe | N/A |
| File created | C:\Windows\System32\GroupPolicy\Machine\Registry.pol | C:\Users\Admin\AppData\Local\Temp\5f69388e\37bz2M.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy\GPT.INI | C:\Users\Admin\AppData\Local\Temp\5f69388e\37bz2M.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\5f69388e\37bz2M.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\5f69388e\37bz2M.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\5f69388e\37bz2M.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\5f69388e\37bz2M.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\5f69388e\37bz2M.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\5f69388e\37bz2M.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\5f69388e\37bz2M.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\5f69388e\37bz2M.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\5f69388e\37bz2M.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\5f69388e\37bz2M.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\5f69388e\37bz2M.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\5f69388e\37bz2M.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\5f69388e\37bz2M.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\5f69388e\37bz2M.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2224 wrote to memory of 2976 | N/A | C:\Users\Admin\AppData\Local\Temp\e581bfcecf4d04572cd73e03ca03e8a9_JaffaCakes118.exe | C:\Users\Admin\AppData\Local\Temp\5f69388e\37bz2M.exe |
| PID 2224 wrote to memory of 2976 | N/A | C:\Users\Admin\AppData\Local\Temp\e581bfcecf4d04572cd73e03ca03e8a9_JaffaCakes118.exe | C:\Users\Admin\AppData\Local\Temp\5f69388e\37bz2M.exe |
| PID 2224 wrote to memory of 2976 | N/A | C:\Users\Admin\AppData\Local\Temp\e581bfcecf4d04572cd73e03ca03e8a9_JaffaCakes118.exe | C:\Users\Admin\AppData\Local\Temp\5f69388e\37bz2M.exe |
| PID 2224 wrote to memory of 2976 | N/A | C:\Users\Admin\AppData\Local\Temp\e581bfcecf4d04572cd73e03ca03e8a9_JaffaCakes118.exe | C:\Users\Admin\AppData\Local\Temp\5f69388e\37bz2M.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\e581bfcecf4d04572cd73e03ca03e8a9_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e581bfcecf4d04572cd73e03ca03e8a9_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\5f69388e\37bz2M.exe
"C:\Users\Admin\AppData\Local\Temp/5f69388e/37bz2M.exe"
Network
Files
\Users\Admin\AppData\Local\Temp\5f69388e\37bz2M.exe
| MD5 | 3235a5142bce167c8be580ce72d55378 |
| SHA1 | 8e8c1d0303a7924d0bbb20d7d69ab712e2397593 |
| SHA256 | 8358abb88476040868017096d1870834af04773921394555c002070e1fb7475c |
| SHA512 | 913fc9e9bf1857cff7a7d22bb21e563f977be20cb4a671550c7b67026259c5ebb8fafa55615a8a6f4d3a248337e0bc40455a8a257c4d9eff9413c41a8ff18d08 |
C:\Users\Admin\AppData\Local\Temp\5f69388e\37bz2M.dat
| MD5 | 19704cea92f792f8dda3814a436bbc8b |
| SHA1 | 72ba2c8464d14645fd029fa5891ea8fbdc4beb4c |
| SHA256 | 0dfa2ae39c051951d892d6de77558dfe83a1586d49bbdc023a515b2f81fe2da5 |
| SHA512 | e7141db13a188dd7b74d6bc2f6a341bbd18ec72d2aa64f97ddf55f164441f0608abb11b776ff8dd1bd644450fc540383a8b09ed4d3e7d03c01eaddd4e8258f56 |
C:\Users\Admin\AppData\Local\Temp\5f69388e\knnlfdlekojbebccggjioopkandhdaon\background.html
| MD5 | 2cefed3696354c0e8c6ef1635eb1748c |
| SHA1 | b2184df1cd1cda49471842e458a98d34c90c92e4 |
| SHA256 | e606b6e17669e80daef16e6421305625612c6d4e913a19586950f3981c6eb478 |
| SHA512 | 7486f74cf89245f51e250203fb0839ba2f5494622b4a80e48fd2c9f6e42b070425214469e0540b748577746953bbc934f7147996114db62ecefc66f3d7755594 |
C:\Users\Admin\AppData\Local\Temp\5f69388e\knnlfdlekojbebccggjioopkandhdaon\manifest.json
| MD5 | 4c4bad19f3514e843f38a49ed67c9126 |
| SHA1 | bbb1b10f73992a749c51c447678676a18849fab4 |
| SHA256 | c7d4e356cc5de4755833d581a7b0092d7259ed2bb172ca195bc23f8e504eefae |
| SHA512 | 050533fc10b26f027f990248b27f738ed182a8c42b8b9a898e66cd0fb4ef382cc94ae47eb027bbf8eaf1912b61b9c21798a15dd7be4431c89779e6f3eaeedfcf |
C:\Users\Admin\AppData\Local\Temp\5f69388e\knnlfdlekojbebccggjioopkandhdaon\lsdb.js
| MD5 | 36d98318ab2b3b2585a30984db328afb |
| SHA1 | f30b85fbe08e1d569ad49dfeafaf7cb2da6585a5 |
| SHA256 | ea2caf61817c6f7781ee049217e51c1083c8fc4f1e08e07792052dfdfa529ae7 |
| SHA512 | 6f61ccda2eba18369409850b2c91c9817fc741755e29a1579646e3816e0deab80e34a5adb9ff865c773793d32ac338163a224dbf363b46420d6ea42a7bbb2b3a |
C:\Users\Admin\AppData\Local\Temp\5f69388e\knnlfdlekojbebccggjioopkandhdaon\k30Last.js
| MD5 | ea793f01d989bcf6f2f7b333831dd787 |
| SHA1 | 57a480728913d356b62137344906e936b366ef56 |
| SHA256 | b0f2661fa33126e8772fe3a088288d100e17656033484a57e19b5865e2ca974f |
| SHA512 | 8b3ec71ea5e5f4c7db6e3d0fdad557ea2380b5c0fee5c70bb6461148bc102d646c0caa45abcaa87d409bd012b6b3dbe4c3c0fce5d413499ab96bae1e819f280b |
C:\Users\Admin\AppData\Local\Temp\5f69388e\knnlfdlekojbebccggjioopkandhdaon\content.js
| MD5 | 0654917402505bc71a231599d02e09a2 |
| SHA1 | e24d4fcf6f136c3be86b4dc01bd3bf446ce462ff |
| SHA256 | 9577828de9e701114e75cca9918972c9028689518882edcb6aa193f9353c19ae |
| SHA512 | 3e7077342d4c06d1192898a4ec5c9b19f3ca8883c5fd7c6e2a581d855959b748b5a8c4b07e3468cfc8b79e6abc1595fefccb41011c179da665567d5dc4b2da5d |
C:\Users\Admin\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\knnlfdlekojbebccggjioopkandhdaon\2.2\manifest.json
| MD5 | 876496308931b819152d59b604933fa9 |
| SHA1 | f20cd67f676bd5f2f3505869c96cb5de1c89f7c6 |
| SHA256 | 98c869d73a787c79a30743be2abd363321d19f27d25bade6b42971ee4e274fc4 |
| SHA512 | f6dda4a9fbda99d90fedd4ee8bb79ef0fdc4941efaf51a8af565a37e4074435ce4cadccdec3e47f5d3caf2d1c9c4091a52af02d9b7936db499a4ce8634fe48b2 |
C:\Users\Admin\AppData\Local\Temp\5f69388e\[email protected]\bootstrap.js
| MD5 | df13f711e20e9c80171846d4f2f7ae06 |
| SHA1 | 56d29cda58427efe0e21d3880d39eb1b0ef60bee |
| SHA256 | 6c325461fba531a94cf8cbdcfc52755494973df0629ce0ee3fef734ab0838fc4 |
| SHA512 | 6c51cee3bf13f164c4a5c9884cc6053cbf9db9701d34c07dc5761d2c047d3d1f7a361b32996a430107e9a4ce68a29149d747a84c76778a1e8780719a3d30470e |
C:\Users\Admin\AppData\Local\Temp\5f69388e\[email protected]\chrome.manifest
| MD5 | 349cc6477ea86d06b041eb5dbe9280bf |
| SHA1 | 3ed8d1e7bb3799e7ac652efb640e8d6892c14343 |
| SHA256 | 3134b6a207fc29d719e3b736c1a8fae9cf204605648adf2d65308bb8bb807a21 |
| SHA512 | b763fda63e6e2e884195594d6f78d81f1cee047432917da4a8966f1c4503514c3d88f8244e5ad3cb36eba243ca0a04f16bca5dd86caf150c15d6aaf029650548 |
C:\Users\Admin\AppData\Local\Temp\5f69388e\[email protected]\content\bg.js
| MD5 | 017f3c5bb21b5773dcf154175a33cd9b |
| SHA1 | d8e0780e8e7e1f1e8cdb06a3f57525fe0cbcee7e |
| SHA256 | 39b9b7f1da11fd650f8acfbe9bc36898b1f2415c8edf304beb8622b70ea40158 |
| SHA512 | 643897807a74dda12e032da2e46031da88fd5233270a1a779d9e4c3f13a8d88376d15b00189e15a0cda391b9448fcfe8dcc368845416946e521933fc00ab35f6 |
C:\Users\Admin\AppData\Local\Temp\5f69388e\[email protected]\install.rdf
| MD5 | 274c6158964f52b13e76fbc298076c3f |
| SHA1 | 282fa6731c52c4fa62bf69317f95919b5b8e6ce9 |
| SHA256 | 9db533644a114475e94a70b10b9a574e37c26e8bc490da779d3de6ceacbbb817 |
| SHA512 | 4827b06950a2d193fbaab42ef57e17004965edb84edde22639073bd07b00f78fca065c74d08628a8200ff393ba50e594126ee3cf846287bfd40627b113a3f815 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-07 17:48
Reported
2024-04-07 17:51
Platform
win10v2004-20231215-en
Max time kernel
121s
Max time network
153s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\71740924\37bz2M.exe | N/A |
Reads user/profile data of web browsers
Checks installed software on the system
Drops Chrome extension
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Users\DefaultAccount\AppData\Local\Google\Chrome\User Data\Default\Extensions\knnlfdlekojbebccggjioopkandhdaon\2.2\manifest.json | C:\Users\Admin\AppData\Local\Temp\71740924\37bz2M.exe | N/A |
| File created | C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\knnlfdlekojbebccggjioopkandhdaon\2.2\manifest.json | C:\Users\Admin\AppData\Local\Temp\71740924\37bz2M.exe | N/A |
| File created | C:\Users\WDAGUtilityAccount\AppData\Local\Google\Chrome\User Data\Default\Extensions\knnlfdlekojbebccggjioopkandhdaon\2.2\manifest.json | C:\Users\Admin\AppData\Local\Temp\71740924\37bz2M.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\knnlfdlekojbebccggjioopkandhdaon\2.2\manifest.json | C:\Users\Admin\AppData\Local\Temp\71740924\37bz2M.exe | N/A |
| File created | C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\knnlfdlekojbebccggjioopkandhdaon\2.2\manifest.json | C:\Users\Admin\AppData\Local\Temp\71740924\37bz2M.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Windows\SysWOW64\GroupPolicy\gpt.ini | C:\Users\Admin\AppData\Local\Temp\71740924\37bz2M.exe | N/A |
| File created | C:\Windows\System32\GroupPolicy\Machine\Registry.pol | C:\Users\Admin\AppData\Local\Temp\71740924\37bz2M.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy\GPT.INI | C:\Users\Admin\AppData\Local\Temp\71740924\37bz2M.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy | C:\Users\Admin\AppData\Local\Temp\71740924\37bz2M.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\71740924\37bz2M.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\71740924\37bz2M.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\71740924\37bz2M.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\71740924\37bz2M.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\71740924\37bz2M.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\71740924\37bz2M.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 5044 wrote to memory of 5020 | N/A | C:\Users\Admin\AppData\Local\Temp\e581bfcecf4d04572cd73e03ca03e8a9_JaffaCakes118.exe | C:\Users\Admin\AppData\Local\Temp\71740924\37bz2M.exe |
| PID 5044 wrote to memory of 5020 | N/A | C:\Users\Admin\AppData\Local\Temp\e581bfcecf4d04572cd73e03ca03e8a9_JaffaCakes118.exe | C:\Users\Admin\AppData\Local\Temp\71740924\37bz2M.exe |
| PID 5044 wrote to memory of 5020 | N/A | C:\Users\Admin\AppData\Local\Temp\e581bfcecf4d04572cd73e03ca03e8a9_JaffaCakes118.exe | C:\Users\Admin\AppData\Local\Temp\71740924\37bz2M.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\e581bfcecf4d04572cd73e03ca03e8a9_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e581bfcecf4d04572cd73e03ca03e8a9_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\71740924\37bz2M.exe
"C:\Users\Admin\AppData\Local\Temp/71740924/37bz2M.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.113.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.197.17.2.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\71740924\37bz2M.exe
| MD5 | 3235a5142bce167c8be580ce72d55378 |
| SHA1 | 8e8c1d0303a7924d0bbb20d7d69ab712e2397593 |
| SHA256 | 8358abb88476040868017096d1870834af04773921394555c002070e1fb7475c |
| SHA512 | 913fc9e9bf1857cff7a7d22bb21e563f977be20cb4a671550c7b67026259c5ebb8fafa55615a8a6f4d3a248337e0bc40455a8a257c4d9eff9413c41a8ff18d08 |
C:\Users\Admin\AppData\Local\Temp\71740924\37bz2M.dat
| MD5 | 19704cea92f792f8dda3814a436bbc8b |
| SHA1 | 72ba2c8464d14645fd029fa5891ea8fbdc4beb4c |
| SHA256 | 0dfa2ae39c051951d892d6de77558dfe83a1586d49bbdc023a515b2f81fe2da5 |
| SHA512 | e7141db13a188dd7b74d6bc2f6a341bbd18ec72d2aa64f97ddf55f164441f0608abb11b776ff8dd1bd644450fc540383a8b09ed4d3e7d03c01eaddd4e8258f56 |
C:\Users\Admin\AppData\Local\Temp\71740924\knnlfdlekojbebccggjioopkandhdaon\background.html
| MD5 | 2cefed3696354c0e8c6ef1635eb1748c |
| SHA1 | b2184df1cd1cda49471842e458a98d34c90c92e4 |
| SHA256 | e606b6e17669e80daef16e6421305625612c6d4e913a19586950f3981c6eb478 |
| SHA512 | 7486f74cf89245f51e250203fb0839ba2f5494622b4a80e48fd2c9f6e42b070425214469e0540b748577746953bbc934f7147996114db62ecefc66f3d7755594 |
C:\Users\Admin\AppData\Local\Temp\71740924\knnlfdlekojbebccggjioopkandhdaon\content.js
| MD5 | 0654917402505bc71a231599d02e09a2 |
| SHA1 | e24d4fcf6f136c3be86b4dc01bd3bf446ce462ff |
| SHA256 | 9577828de9e701114e75cca9918972c9028689518882edcb6aa193f9353c19ae |
| SHA512 | 3e7077342d4c06d1192898a4ec5c9b19f3ca8883c5fd7c6e2a581d855959b748b5a8c4b07e3468cfc8b79e6abc1595fefccb41011c179da665567d5dc4b2da5d |
C:\Users\Admin\AppData\Local\Temp\71740924\knnlfdlekojbebccggjioopkandhdaon\k30Last.js
| MD5 | ea793f01d989bcf6f2f7b333831dd787 |
| SHA1 | 57a480728913d356b62137344906e936b366ef56 |
| SHA256 | b0f2661fa33126e8772fe3a088288d100e17656033484a57e19b5865e2ca974f |
| SHA512 | 8b3ec71ea5e5f4c7db6e3d0fdad557ea2380b5c0fee5c70bb6461148bc102d646c0caa45abcaa87d409bd012b6b3dbe4c3c0fce5d413499ab96bae1e819f280b |
C:\Users\Admin\AppData\Local\Temp\71740924\knnlfdlekojbebccggjioopkandhdaon\lsdb.js
| MD5 | 36d98318ab2b3b2585a30984db328afb |
| SHA1 | f30b85fbe08e1d569ad49dfeafaf7cb2da6585a5 |
| SHA256 | ea2caf61817c6f7781ee049217e51c1083c8fc4f1e08e07792052dfdfa529ae7 |
| SHA512 | 6f61ccda2eba18369409850b2c91c9817fc741755e29a1579646e3816e0deab80e34a5adb9ff865c773793d32ac338163a224dbf363b46420d6ea42a7bbb2b3a |
C:\Users\Admin\AppData\Local\Temp\71740924\knnlfdlekojbebccggjioopkandhdaon\manifest.json
| MD5 | 4c4bad19f3514e843f38a49ed67c9126 |
| SHA1 | bbb1b10f73992a749c51c447678676a18849fab4 |
| SHA256 | c7d4e356cc5de4755833d581a7b0092d7259ed2bb172ca195bc23f8e504eefae |
| SHA512 | 050533fc10b26f027f990248b27f738ed182a8c42b8b9a898e66cd0fb4ef382cc94ae47eb027bbf8eaf1912b61b9c21798a15dd7be4431c89779e6f3eaeedfcf |
C:\Users\WDAGUtilityAccount\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\knnlfdlekojbebccggjioopkandhdaon\2.2\k30Last.js
| MD5 | 37655ee4006f2b12cc90c7f1aa6831e2 |
| SHA1 | 38d0689cae44b15d15a2fee259764e00bf905cad |
| SHA256 | 2927917f208df8f962b814c25a82803c73729d445c6af9f627ddd76c52e1f845 |
| SHA512 | a97a0e6ad39aec4a8efa863673121d5005675c6a3103164192030dd1202646094ffe401245b8ead0f1ae4a103e1ad75c51cf125b8ad58983c83f3d96653414aa |
C:\Users\WDAGUtilityAccount\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\knnlfdlekojbebccggjioopkandhdaon\2.2\lsdb.js
| MD5 | b6d7dcc66dbb3f6fc3e112b2c1bee01a |
| SHA1 | c453ff9aeffed75ba68729fb40c291c887da5007 |
| SHA256 | 6b4168e801cbc6e12c67eb1227bacd8b3e3d1c75177d617caf53e0e3db8ec297 |
| SHA512 | cc2579fc863128db86c349586b3c32ebcf5c52b534359b5933a95075e13179c5e644176258903f955bbbff40bc4860895958635d41c766959dc47197613e6c53 |
C:\Users\Admin\AppData\Local\Temp\71740924\[email protected]\install.rdf
| MD5 | 274c6158964f52b13e76fbc298076c3f |
| SHA1 | 282fa6731c52c4fa62bf69317f95919b5b8e6ce9 |
| SHA256 | 9db533644a114475e94a70b10b9a574e37c26e8bc490da779d3de6ceacbbb817 |
| SHA512 | 4827b06950a2d193fbaab42ef57e17004965edb84edde22639073bd07b00f78fca065c74d08628a8200ff393ba50e594126ee3cf846287bfd40627b113a3f815 |
C:\Users\Admin\AppData\Local\Temp\71740924\[email protected]\content\bg.js
| MD5 | 017f3c5bb21b5773dcf154175a33cd9b |
| SHA1 | d8e0780e8e7e1f1e8cdb06a3f57525fe0cbcee7e |
| SHA256 | 39b9b7f1da11fd650f8acfbe9bc36898b1f2415c8edf304beb8622b70ea40158 |
| SHA512 | 643897807a74dda12e032da2e46031da88fd5233270a1a779d9e4c3f13a8d88376d15b00189e15a0cda391b9448fcfe8dcc368845416946e521933fc00ab35f6 |
C:\Users\Admin\AppData\Local\Temp\71740924\[email protected]\chrome.manifest
| MD5 | 349cc6477ea86d06b041eb5dbe9280bf |
| SHA1 | 3ed8d1e7bb3799e7ac652efb640e8d6892c14343 |
| SHA256 | 3134b6a207fc29d719e3b736c1a8fae9cf204605648adf2d65308bb8bb807a21 |
| SHA512 | b763fda63e6e2e884195594d6f78d81f1cee047432917da4a8966f1c4503514c3d88f8244e5ad3cb36eba243ca0a04f16bca5dd86caf150c15d6aaf029650548 |
C:\Users\Admin\AppData\Local\Temp\71740924\[email protected]\bootstrap.js
| MD5 | df13f711e20e9c80171846d4f2f7ae06 |
| SHA1 | 56d29cda58427efe0e21d3880d39eb1b0ef60bee |
| SHA256 | 6c325461fba531a94cf8cbdcfc52755494973df0629ce0ee3fef734ab0838fc4 |
| SHA512 | 6c51cee3bf13f164c4a5c9884cc6053cbf9db9701d34c07dc5761d2c047d3d1f7a361b32996a430107e9a4ce68a29149d747a84c76778a1e8780719a3d30470e |